You cannot apply Group Policy settings after you rename a Windows Server 2003-based domain (896983)


The information in this article applies to:

  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows Server 2003, Datacenter Edition

SYMPTOMS

After you rename a Microsoft Windows Server 2003-based domain, you cannot apply Group Policy settings on the member server of this domain. Additionally, the following event may be logged in the Application event log:Event Type: Error Event Source: Userenv Event Category: None Event ID: 1058 Description: Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=domain name,DC=com. The file must be present at the location <\\domain name\sysvol\domain name\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (error description). Group Policy processing aborted.

CAUSE

This issue occurs if you use the original release or the April 15, 2003 release of the Rendom.exe utility to rename the domain after you perform one of the following procedures:
  • You convert a child domain into the root of a domain tree.
  • You convert the root of a domain tree into a child domain.
The Rendom.exe utility incorrectly handles the rootTrust and trustParent attributes on the cross-ref object of renamed domains.

RESOLUTION

To resolve this issue, download version 1.4 of the Rendom.exe utility, and then perform the domain-renaming operation. To download version 1.4 of the Rendom.exe utility, visit the following Microsoft Web site:

http://www.microsoft.com/windowsserver2003/downloads/domainrename.mspx

Note There is no plan to update the Rendom.exe utility in Windows Server 2003 Service Pack 1 (SP1). Version 1.4 of the Rendom.exe utility only prevents the issue that is described in the "Symptoms" section. This version of the Rendom.exe utility does not help you recover from the problems that are caused by the original release of the Rendom.exe utility.

WORKAROUND

To work around this issue, modify the rootTrust and trustParent attributes. To do this, use one of the following methods:
  • Use the ADSIEdit tool to delete the rootTrust attribute on the cross-ref object. Then, re-add the rootTrust attribute. Also use the ADSIEdit tool to delete the trustParent attribute on the cross-ref object. Then, re-add the trustParent attribute..
  • Use the ADSIEdit tool to assign different values to the rootTrust and trustParent attributes. Then, change these values back to their previous settings.
After the metadata is replicated, this issue is resolved.

For more information about the ADSIEdit tool, visit the following Microsoft Web site:

http://technet2.microsoft.com/windowsserver/en/library/ebca3324-5427-471a-bc19-9aa1decd3d401033.mspx

Modification Type:MajorLast Reviewed:3/1/2006
Keywords:kbprb kbinfo KB896983 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.